Documentation

SwarmSpace Developer Guide

Single reference for building and submitting plugins: from "what is SwarmSpace?" through a working submission. Copy the JSON and curl examples directly.

What SwarmSpace Is
What You Can Build
Plugin Manifest Specification
Endpoint Requirements
Submission and Review Process
Trust Tiers
Merit Algorithm
Revenue Share
Developer Pro Tier
PRISM Privacy Model
Getting Started Checklist

1. What SwarmSpace Is

SwarmSpace is a plugin marketplace where the primary consumer is the AI agent, not the end user. Humans choose clients; agents discover tools at runtime, decide relevance, and invoke them.

Discovery: Agents find plugins via semantic search over manifests and metadata, then call matching endpoints.
Hosting model: SwarmSpace hosts the index, trust tiering, and policy enforcement. Execution runs on infrastructure you operate (your HTTPS endpoint).
Protocols: Manifests and discovery are designed to work alongside MCP-style agent tooling; SwarmSpace does not replace MCP but aligns with the same "tool description + invocation" pattern.
Reference client: LUMARA (iOS companion) is the reference integration and first production customer. Other agent stacks can query SwarmSpace the same way.

2. What You Can Build

Plugins (atomic APIs)

One capability, one clear input contract, one structured output. Examples: web search, weather, summarization, sentiment, translation.

Workflows (composed chains)

An ordered list of plugin invocations where each step's output feeds the next. Published with a manifest plus a workflow_steps array (plugin slugs in order).

Workflow trust	Plugin chain rules
Community	May only chain free-tier plugins.
Verified	May chain free and paid plugins.

3. Plugin Manifest Specification

The manifest is the machine-readable contract agents use to decide whether to call your tool. Write for LLM consumption: precise, unambiguous, no filler.

3.1 Field Reference

Field	Type	Required	Description
`name`	`string`	Yes	Human-readable name. Max 60 characters.
`description`	`string`	Yes	What the plugin does and what it returns. Primary matching text for agents. 50–500 characters.
`agent_guidance`	`string`	No	When to use it; what it pairs with. Max 300 characters.
`access_tier`	`string`	Yes	One of: `free`, `standard`, `premium`. Declares which SwarmSpace access tier is required to invoke the plugin.
`trust_tier`	`string`	Read-only	Assigned after review: `community` or `verified`. Omit or leave unset on submit; SwarmSpace sets this.
`credit_cost_per_call`	`number`	Conditional	Credits per call. 0 for free plugins. Required when the plugin charges credits. Ceilings by category: search/lookup 5, data enrichment 15, AI synthesis 30, complex multi-step 50.
`semantic_tags`	`string[]`	Yes	Discovery tags. Min 2, max 10. Prefer specific tokens (e.g. `academic-paper-search`) over generic ones (`search`).
`latency_class`	`string`	Yes	`fast` (typical <1s), `standard` (1–5s), `slow` (>5s). Platform expects responses within the SLA in Section 4 regardless of label.
`privacy_data_required`	`string[]`	Yes	Dot-notation CHRONICLE field names this plugin needs access to (e.g. `["location"]`, `["user.display_name", "user.email"]`). Use `[]` or `["none"]` if no personal data is required. Drives PRISM minimization at the sandbox boundary — only declared fields are forwarded to your plugin. See Section 10 for the full vocabulary.
`auth_method`	`string`	Yes	`none`, `api_key`, or `oauth`.
`endpoint_url`	`string`	Yes	HTTPS URL SwarmSpace calls with POST and JSON body.
`canonical_url`	`string`	Auto	Stable URL for agent-to-agent references. Generated by SwarmSpace; do not hand-roll.
`network_domains`	`string[]`	Yes	Hostnames your implementation calls outbound (no scheme). Used for allowlisting, e.g. `["api.open-meteo.com"]`.
`content_hash`	`string`	Auto	Integrity hash of submitted artifact; set by platform.
`risk_tier`	`string`	Assigned	`low`, `medium`, `high`. Set during review.
`schedulable`	`boolean`	No	Whether the plugin may be invoked on a recurring schedule (Durable Objects). Default `false`. Only Verified plugins may set `true`.
`is_read_only`	`boolean`	No	Plugin only reads data, never modifies state. Default `true`.
`is_destructive`	`boolean`	No	Plugin may modify or delete user data. Default `false`.
`is_concurrency_safe`	`boolean`	No	Plugin is safe to call in parallel. Default `true`.
`headless`	`boolean`	No	Plugin can run without user interaction. Required for Durable Object dispatch. Default `false`.
`workflow_steps`	`string[]`	Workflows only	Ordered plugin slugs composing the workflow. Omit for atomic plugins.

3.2 JSON Schema (draft-07)

Use this for validation in CI or editors that support JSON Schema.

JSON Schema

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://swarmspace.dev/schemas/plugin-manifest.json",
  "type": "object",
  "additionalProperties": false,
  "required": [
    "name",
    "description",
    "access_tier",
    "credit_cost_per_call",
    "semantic_tags",
    "latency_class",
    "privacy_data_required",
    "auth_method",
    "endpoint_url",
    "network_domains"
  ],
  "properties": {
    "name": { "type": "string", "maxLength": 60 },
    "description": { "type": "string", "minLength": 50, "maxLength": 500 },
    "agent_guidance": { "type": "string", "maxLength": 300 },
    "access_tier": { "type": "string", "enum": ["free", "standard", "premium"] },
    "trust_tier": { "type": "string", "enum": ["community", "verified"] },
    "credit_cost_per_call": { "type": "number", "minimum": 0 },
    "semantic_tags": {
      "type": "array",
      "items": { "type": "string" },
      "minItems": 2,
      "maxItems": 10
    },
    "latency_class": { "type": "string", "enum": ["fast", "standard", "slow"] },
    "privacy_data_required": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Dot-notation CHRONICLE field names this plugin needs. Use [] or [\"none\"] if no personal data is required."
    },
    "auth_method": { "type": "string", "enum": ["none", "api_key", "oauth"] },
    "endpoint_url": { "type": "string", "format": "uri" },
    "canonical_url": { "type": "string", "format": "uri" },
    "network_domains": {
      "type": "array",
      "items": { "type": "string" },
      "minItems": 1
    },
    "content_hash": { "type": "string" },
    "risk_tier": { "type": "string", "enum": ["low", "medium", "high"] },
    "schedulable": { "type": "boolean" },
    "is_read_only": { "type": "boolean" },
    "is_destructive": { "type": "boolean" },
    "is_concurrency_safe": { "type": "boolean" },
    "headless": { "type": "boolean" },
    "workflow_steps": {
      "type": "array",
      "items": { "type": "string", "minLength": 1 }
    }
  }
}

Paid plugins must set credit_cost_per_call within the category ceilings in Section 3.1; free plugins use 0.

3.3 Example: Atomic Plugin (weather lookup)

manifest.json

{
  "name": "Open-Meteo Current Weather",
  "description": "Returns current temperature, conditions, and wind for a location string or lat/lon. Output is JSON with temp_c, summary, and wind_kmh. Does not store queries.",
  "agent_guidance": "Use when the user asks for weather now or outside conditions. Pair with geocoding if only an address is given.",
  "access_tier": "free",
  "credit_cost_per_call": 0,
  "semantic_tags": ["weather", "forecast", "open-meteo", "geolocation"],
  "latency_class": "standard",
  "privacy_data_required": ["user.location"],
  "auth_method": "none",
  "endpoint_url": "https://api.example.com/v1/swarmspace/weather",
  "network_domains": ["api.open-meteo.com"],
  "schedulable": false
}

3.4 Example: Workflow Manifest (illustrative)

workflow-manifest.json

{
  "name": "Research snippet chain",
  "description": "Runs a free-tier web summary then a free encyclopedia lookup on the extracted topic. Returns combined text for the agent.",
  "access_tier": "free",
  "credit_cost_per_call": 0,
  "semantic_tags": ["research", "workflow", "lookup"],
  "latency_class": "slow",
  "privacy_data_required": [],
  "auth_method": "none",
  "endpoint_url": "https://workflows.example.com/swarmspace/research-snippet",
  "network_domains": ["workflows.example.com"],
  "workflow_steps": ["brave-search", "wikipedia"]
}

Replace slugs with your actual registered plugin IDs. Community workflows must only reference free access_tier plugins.

3.5 Context Field Vocabulary

Available context fields for privacy_data_required declaration. Only fields listed here may be included in the array. Use dot-notation to reference nested fields.

Field	Category	Description
`user.display_name`	Identity	User's display name
`user.email`	Identity	User's email address
`user.timezone`	Identity	User's timezone
`user.location`	Location	User's location/city
`user.language`	Preferences	User's preferred language
`chronicle.interests`	Preferences	User's interest topics
`chronicle.goals`	Preferences	User's stated goals

Only declared fields are forwarded to plugins. If your plugin does not need personal data, set privacy_data_required to [] or ["none"].

3.6 Behavioral Fields

4. Endpoint Requirements

Your endpoint must:

Accept POST with Content-Type: application/json.
Accept a JSON body with at least query (string).
Return JSON with the success or error shape below.
Use conventional HTTP status codes: 2xx success, 4xx client errors, 5xx server errors.
Stay within latency SLA for your declared latency_class:
- fast: < 1s
- standard: < 5s
- slow: < 30s
Stay reachable at endpoint_url. Uptime feeds merit scoring.
Use HTTPS only; HTTP is rejected.

Authentication

All requests from SwarmSpace carry an Authorization: Bearer <token> header. Validate this token to confirm the request originates from SwarmSpace.

Request Body (SwarmSpace → your endpoint)

SwarmSpace sends a POST to your endpoint_url. Cloudflare Workers accept requests at /invoke or / paths.

Request

{
  "query": "user's natural language query or structured input",
  "limit": 5
}

The request body varies by plugin. At minimum your endpoint should accept a query string. Optional fields like limit are plugin-specific. Additional request parameters are defined by your plugin's contract.

Success Response

200 OK

{
  "results": [
    { "title": "Example", "detail": "Structured payload your plugin defines" }
  ],
  "source": "open-meteo-current-weather",
  "count": 1
}

Error Response

Return an appropriate HTTP error status (4xx or 5xx) with a JSON body:

4xx / 5xx

{
  "error": "Upstream rate limit exceeded; retry after 60s."
}

curl (success path)

bash

# Test your endpoint with a valid query
curl -sS -X POST 'https://api.example.com/v1/swarmspace/weather' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <your-token>' \
  -d '{
    "query": "weather in San Francisco"
  }'

curl (error path)

bash

# Test error handling with an empty query
curl -sS -w "\nHTTP %{http_code}\n" -X POST 'https://api.example.com/v1/swarmspace/weather' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <your-token>' \
  -d '{
    "query": ""
  }'

Expect an HTTP 4xx/5xx status with { "error": "..." } if validation fails.

Timeout

SwarmSpace enforces a 25-second hard timeout on all plugin invocations. Plugins that exceed this receive a 504 Gateway Timeout. Design your endpoint to respond within the latency SLA for your declared latency_class (fast: 1s, standard: 5s, slow: 30s). The hard timeout applies regardless of latency_class.

Error Codes

SwarmSpace returns structured error responses with both a human-readable error message and a machine-readable code. Your client code should check the code field:

Error	Code	Meaning
`{ "error": "PRISM_CONSENT_REQUIRED", "code": "CONSENT_REQUIRED" }`	`CONSENT_REQUIRED`	PRISM consent needed — the user has not consented to sharing the requested personal data fields with this plugin.
`{ "error": "Plugin not found", "code": "NOT_FOUND" }`	`NOT_FOUND`	Unknown `plugin_id` — the requested plugin does not exist in the registry.
`{ "error": "Insufficient tier", "code": "FORBIDDEN" }`	`FORBIDDEN`	Tier too low — the user's access tier does not permit invocation of this plugin.
`{ "error": "Rate limit exceeded", "code": "RATE_LIMITED" }`	`RATE_LIMITED`	Credit ceiling hit — the user has exceeded their daily or monthly invocation limit.
`{ "error": "Plugin invocation failed: ...", "code": "UPSTREAM_ERROR" }`	`UPSTREAM_ERROR`	Worker error — the plugin endpoint returned an error or was unreachable.
`{ "error": "Request timeout", "code": "TIMEOUT" }`	`TIMEOUT`	25s timeout exceeded — the plugin did not respond within the hard timeout.

5. Submission and Review Process

Stage	What happens	Timeline
1. Submit	Complete the form at submit-plugin.html. Manifest fields are validated; endpoint reachability is checked.	Immediate
2. Automated checks	Schema validation, response shape checks, latency sampling vs `latency_class`.	Minutes
3. Safety review	Human review: abuse, third-party ToS alignment, privacy minimization, identity checks.	2–3 business days
4. Listing	Community tier; discoverable via agent search and catalogue updates.	After approval
5. Monthly merit review	Strong Community plugins evaluated for Verified promotion.	Monthly

Common Rejection Reasons

Endpoint down, timeouts, or non-JSON / wrong envelope.
privacy_data_required lists fields the implementation does not actually use (PRISM violation).
Outbound calls to domains not listed in network_domains.
Wrapper around a third-party API that violates that API's terms.
Vague description so agents cannot route to the tool reliably.

Developer Agreement

Submission requires accepting the SwarmSpace Developer Agreement and third-party API compliance (see checkbox on the submission form). There is no separate legal copy in this repository; the binding step is the in-flow acceptance at submit time.

6. Trust Tiers

Tier	How you get it	What it means
Community	Pass safety review	Listed; free to users; no credit charging; standard placement.
Verified	Merit promotion (monthly)	Top placement in category search; may charge credits; 80% revenue share to you; eligible for `schedulable: true`.

Verified is not for sale. Placement and tier are earned, not purchased. That constraint is structural to SwarmSpace's trust model.

7. Merit Algorithm

Monthly Verified consideration uses a composite score. No single signal alone should dominate.

Signal	Weight	What it measures
Upvotes	Medium	Community endorsement; one vote per user per plugin; voter quality weighted by usage history.
Call volume	High	Actual agent invocations.
Retention	High	Repeat use across sessions.
Developer activity	Medium	Posts and support in the plugin's Swarm community space.
Update frequency	Low	Maintenance; stale plugins decay.
Error rate	Disqualifying	Sustained high failure rates remove eligibility regardless of other signals.

Community: Free to users. No developer revenue (no per-call credits).
Verified: You set credit_cost_per_call (within ceilings). 80% of credits to you, 20% to SwarmSpace.
Founding Developers (first 100 Verified): 85% share for the life of the program, plus a Founding Developer badge.
Payouts: Stripe Connect, monthly batch.
Dashboard: Verified developers see calls, revenue, and merit trajectory.

9. Developer Pro Tier

Active publishers receive SwarmSpace Pro (nominal $15/mo value) at no charge while eligible:

At least one Community or Verified plugin in good standing.
Full access to premium SwarmSpace APIs for testing integrations.
Earnings dashboard and analytics (Verified).

If you have no published plugins in good standing for 90 days, entitlement reverts to standard consumer pricing/policy.

10. PRISM Privacy Model (summary)

Enforcement is currently logging-only: the router logs privacy events (e.g. unconsented data access attempts) but does not yet block requests. Active enforcement is planned for a future release.

Context minimization: Only plugins with non-empty privacy_data_required receive user context. Only the specific CHRONICLE fields declared in the array are forwarded to your plugin — no other user data is included. The sandbox boundary (pre-deployed Cloudflare Workers at fixed URLs) enforces the allowlist. Use [] or ["none"] if your plugin needs no personal data.
Network: Default posture is no outbound access; only network_domains are whitelisted. (Internal docs refer to globalOutbound: null until explicitly configured.)
Secrets: API keys are injected at the boundary; plugin code does not read raw platform secrets.

Full detail: PRISM Technical Documentation

The privacy_data_required field is a string array of dot-notation CHRONICLE field names as described in Section 3.1. Only declared fields are forwarded to plugins. See the context field vocabulary for valid field names.

11. Getting Started Checklist

Sign up: swarmspace.vercel.app/signup.html (Google, GitHub, or email).
Implement HTTPS POST endpoint; return the JSON envelope in Section 4.
Author manifest.json using Section 3 (host at manifest URL if you use the optional field on the form).
Test with curl against your endpoint.
Submit: swarmspace.vercel.app/submit-plugin.html.
Wait for safety review (2–3 business days).
After approval, monitor errors, latency, and community engagement for merit.